booting on Fedora 17/18 with basic video mode
Joe Zeff
joe at zeff.us
Thu Jan 31 21:48:45 UTC 2013
On 01/31/2013 12:26 PM, Craig White wrote:
> You should install the repo key on your system prior to ever installing
> packages. If you import the key, you don't have this problem.
> Instructions are on rpmfusion.org website for this purpose.
>
I do. I've been having intermittent issues with rpmfusion (only) about
packages where the key doesn't match on my F16 desktop for over a year.
Today, there was one update from there and it installed without a
problem, with the gpg check enabled, so it looks like I should have the
right key installed.
> Yum's 'nogpgcheck' option bypasses the signature requirement on packages
> which means that you could install packages from anyone claiming to be
> rpmfusion.org. It is relatively simple to poison someone's DNS and
> direct them to some other repo so while you trust rpmfusion.org, you are
> also trusting your DNS not to lie to you.
I normally use yumex every day and when the error pops up, I unselect
everything from rpmfusion and tell yumex to try again. Then, I examine
the remaining updates to make sure they're what I expect to see and tell
yumex to turn off the gpg check for that run only. I'm very, very
careful about what I allow to update that way and I'd never suggest that
anybody turn it off completely, or if they're not sure that they trust
the repo in question. And, if you'll go back and look at what I
originally wrote, I made sure to warn the OP to be careful with it.
(I'll go even farther, now: if you're not sure it's safe, or you're not
comfortable with doing it, don't.)
More information about the users
mailing list